General
-
Target
vanity spoofer.exe
-
Size
3.9MB
-
Sample
230201-ywjb3sdf2z
-
MD5
a05eb88a8582c2379f211a3f1f927921
-
SHA1
0f75aba442b075198318e1cb0c0c9a1829bdf518
-
SHA256
af947d6eb5857e58621007a6d838c85de6e90e090fc2c14a664ded97a4a3bca5
-
SHA512
f8ff1bc58583d57910634b30287612682772dbe96c70a1b7ed5fc541b1f88eae9c3dcc1017d52100d25c81fff1d5af44fa6f65ac8fbc9953d72057f38c4fc018
-
SSDEEP
98304:x0T+SrpWYVrsk9N8ivyhAdsPSQxhsnWJLXq0f4ogdCyb:MfzVN8iNISOlJzqwU
Behavioral task
behavioral1
Sample
vanity spoofer.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
vanity spoofer.exe
-
Size
3.9MB
-
MD5
a05eb88a8582c2379f211a3f1f927921
-
SHA1
0f75aba442b075198318e1cb0c0c9a1829bdf518
-
SHA256
af947d6eb5857e58621007a6d838c85de6e90e090fc2c14a664ded97a4a3bca5
-
SHA512
f8ff1bc58583d57910634b30287612682772dbe96c70a1b7ed5fc541b1f88eae9c3dcc1017d52100d25c81fff1d5af44fa6f65ac8fbc9953d72057f38c4fc018
-
SSDEEP
98304:x0T+SrpWYVrsk9N8ivyhAdsPSQxhsnWJLXq0f4ogdCyb:MfzVN8iNISOlJzqwU
Score10/10-
StormKitty payload
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-